Tuesday, December 17, 2013

Most computers come with web cameras. Most computers because of Windows are virus magnets. It's not really Microsoft's fault--Windows is just a big target. And lots of Trojans and viruses these days do things with your web cam, none of them good. If you are a woman, especially a young one, you yourself are a target. No es bueno. What's worse is that not all web cams have a little light that comes on telling you that you that your camera is turned on. And even worse than that, the malware is getting more sophisticated and in some cases can turn on your web cam without you seeing any indication that you are being recorded. It disables the blue light that most web cams have.

Now, I'm not that paranoid, but then again I'm probably not on anyone's 'must record' list either. I don't often use my web cam, so why not just cover it, at least when it's not in use. It's a small risk for me, but the web cam is just one more thing to leak your privacy with, so no sense tempting fate. I got to thinking about how to cover a web cam (especially a laptop one) in such a way that it a) it can be uncovered without a lot of fuss if I ever need it and b) didn't look too hokey.

Problem solved ... with common electrical tape! I'm sure about a million people have thought of this already, but there's no such thing as too much knowledge. What I did was cut a very small square of it and put it over my web cam lens. Since this type of type is not very sticky, I can easily take it off when I need the web cam (almost never) and even reapply it when I'm done using it.

My laptop is black so the piece of tape isn't even visible enough to worry about looking cheesy. But if you have a different colored machine, you can even purchase other colors of electrical tape. So if you have an Apple and use it in a professional setting, you could buy white electrical tape and nobody will even be able to see (unless they really look, which is creepy anyway) that you have your camera covered.

Just a little square is all you need

It's mostly invisible unless the light hits it at a certain angle

Until the day that they invent a computer virus that can take off the tape, you can sleep soundly knowing that nobody is counting your beers, or worse. Physical security is the most important kind because it cannot be defeated by software.

Tuesday, December 10, 2013

Note: This is a guest post from HOB
While the prevalence of mobile working and BYOD has many positive effects for companies and their employees, IT teams must face the increased security risks associated with these benefits. For more information on secure remote access solutions, check out these free e-books

Wednesday, December 4, 2013

We all have them in our house: power bricks supplying energy to all our electronic devices. Even if they are internal, all electronic devices require them to convert AC power which your house gets from the grid to DC power which all electronic devices require to run. They are mostly redundant because each device needs to have its own brick. But that's not the bad part: the internal components of the power brick draw power even when the device they are powering is turned off. So, every power brick in your home is consuming power at all times if it is plugged in.

Wasn't too hard to find a random handful for the photo

There's no getting around this simple fact that the local grid only supplies us with AC. The battle over which type of current to build our infrastructure from was fought years ago between two powerful men, Tesla and Edison. Tesla won the battle, mostly because AC-- while much more dangerous than DC-- is easier and more efficient to transport.

The world we live in delivers power to every home in a format that these days most of the devices in the house cannot use, and because of that, we all waste a certain amount of power from these things. Just think about how much power the country uses with millions of power bricks plugged in, just sitting there doing nothing. As electronic devices become even more ingrained in our lives, we should see more standardization and compatibility between devices. Our houses should have DC ports just like it has AC plugs, and those ports shouldn't be drawing from the grid when they are not use. In the meantime, we are stuck with a house full of these little plastic abominations.

Paring down the number of power bricks in your house is a matter of compromise between savings and convenience. Unplugging unused or unneeded devices is a no-brainer. There's a few other tricks like plugging power bricks into a power strip or surge protector with a built in switch, and being able to switch off a whole group of devices when you go home for the day. Another trick we use is to have as many devices use the now-universal USB charging interface as possible, which cuts down on the number of chargers we have plugged in. But certain devices like your larger appliances have their own internal transformers to convert to DC and aren't really practical to unplug when not in use.

At my house we make a decent effort at simplifying what we need plugged in at any given time. This also eliminates much of the clutter we used to have. We have a pretty good sized house, so taking these kind of steps all add up to a big impact on our electric bill. It's definitely worth it to go through your home and ask yourself: does this thing need to be plugged in?

Tuesday, November 19, 2013

Just released from the Electronic Frontier Foundation, this info graphic shows more than a couple surprises, and for me, a couple of disappointments. But the truth shall set us free, and with the hard work of folks like the EFF, hopefully we can take back some portion of our personal privacy. I've said this before and I'll say it again: it's a short list of folks standing up for our rights, and the EFF is on that list.

Wednesday, October 30, 2013

You probably have an Internet connection with some kind of router attached to it, probably a Wi-Fi router. The main purpose of the router is to share the single, public IP address given to you by your cable provider with multiple devices. Otherwise each Internet connection would only allow a single device to be on the Internet. Every device on the Internet needs an IP address to communicate, so the router hands out private IP addresses that all connect via the public IP address assigned to you by your service provider.

Every web site you visit from every device in your home connects via this single public IP address, and each one of those web sites knows your IP address and can do with it what it will. It can use your IP to track you and all the devices in your house, and even get a rough idea of your physical location.

Residential Internet connections are generally given what's called a dynamic IP, which means you are only leasing it. But even though it is only "leased", chances are that you have had it a good long while. That is because it is easier for your provider to keep leasing you the same IP. The main exception is that when you turn your Cable/DSL modem off for a certain period of time, your IP address goes into a pool, and is given to the first new client who doesn't already have one assigned. Otherwise you get it back.

Knowledge is power, and knowing your public IP address is one more tool you have in the fight to regain your privacy on the Internet. Since every web site you visit sees your public IP address, there are lots of sites that will display that to you.

NOTE: Before anyone thinks I am giving out my real IP address, I have modified the IP address as well as the longitude / latitude numbers on all the screen shots below.

This site shows you your public IP address and also your position on Google maps. It's a little scary, huh? What's even scarier is that unlike Android devices such as your phone or tablet, a web site can often tell your physical location within a few feet without your permission, based on your IP address alone.

As with other sites, this site gives you both your public IP address and your location, but with a twist. Because different sites use slightly different methods to detect your location, some may be more accurate than others. I make no secret that I live in Spokane, WA. But notice above that whatismyip.com shows my city as Seattle, WA. A couple of the listings for this site show my correct city.

The neat thing about this site is that it will give you location data from numerous sites, some of which report longitude and latitude of your exact location.

Putting your knowledge to use

What value does knowing my IP address have for my privacy? I'm glad you asked! Knowing your public IP allows you to tell when it's changed, such as when you connect to a private VPN service. The VPN I use has servers all over the world. What that means is that I can appear to the outside world to be located wherever I choose, based on the servers available from my VPN service.

Here you can see that I connected to a server in Luxembourg. When connected to the VPN, every web site I visit sees the public IP address of the VPN server I connected to, and not my actual public IP. Now any web server which tries to use geolocation data based on my IP is going to guess wrong. If you use your imagination, you will see how a VPN could be helpful to your privacy!

Saturday, October 26, 2013

The prevailing attitude is that if you don't have anything to hide, then you shouldn't be worried about your privacy. Of course if you ask anyone who preaches this philosophy to post their last few tax returns on Facebook, the story might change a little bit. The truth is we all have something to hide. Maybe it's not illegal, and maybe it's not even immoral, but most of us have details of our lives that we wouldn't feel comfortable with the entire world seeing.

1. The Government

The NSA drinks from the well of pretty much the entire world's Internet traffic. With little or no oversight they are free to do what they want with your information as long as they say "because terrorism!" first. Revelations have come to light about the NSA not only using information it collects about you for purposes of national security, but to secretly share with other government agencies and even corporations which use this information for profit.

New revelations are coming out of the Snowden leaks virtually every day, and it's all bad for your privacy. Ok, it's not all bad. We now know that technology like VPNs and the Tor network are actually capable of giving us a modicum of privacy. By looking at the leaks of what is giving the government trouble in taking away our privacy, we can infer which technologies work the best to protect it.

2. Hollywood

Hollywood has long seen Internet as the enemy and everyone on the Internet as either thieves or potential thieves. While not a direct threat to your privacy, they are an indirect to everyone's privacy because they work so hard to undermine it. They spend millions lobbying for laws that erode your privacy and even your civil liberties in a vain attempt to turn the clock back 30 years.

The purpose of (thankfully) failed laws and agreements such as SOPA, ACTA and CISPA were to take away your rights and consumer protections in the name of profit. Hollywood lobbyists have reportedly admitted that they have infinite patience and will eventually slip one of these types of draconian laws through while the public is napping.

3. Corporations

Unlike Hollywood with its disdain for technology, most corporations exploit technology to its fullest potential in order to maximize profit. Your privacy is a simple formula to them: the less privacy you have, the better these corporations can sell you things. It almost doesn't even sound bad.

The problem lies with the fact that a great deal of time and money is spent gathering your personal information, but not much if anything is spent on protecting it. On the contrary, corporations routinely sell your personal information as well as volunteering it to various government agencies. What's worse, these corporations have virtually no liability or accountability for what they do with your information, because they were given retroactive immunity.

There are very few large companies fighting for your privacy. And because all corporations are for profit, the ones that protect your privacy only do so because it is in their own financial interests.

4. Employers

It used to be that other than being some kind of criminal, your personal life off the clock was none of your employer's business. You have no such protections these days. Of course your employer can't officially discriminate against you for a chronic medical condition or dressing up as a donkey on Thursday nights and singing karaoke at the corner bar.

When I bought my first house, they made me sign a non-discrimination disclosure. The lady doing the signing made a joke of it and said something like "sign here saying you're not being discriminated against, though if you were, ironically you wouldn't be here signing this disclosure."

And there lies the problem with your employer or potential employer knowing every intimate detail of your life. Chances are, if you are discriminated against, you won't even know it.

5. Hackers and Identity Thieves

Why is Hackers at number 5? Because you are more likely to lose your privacy to the top 4. But that doesn't mean that hackers and identity thieves aren't a threat. It's just these days, most people are more savvy than they were, and they're wary of scams. The Nigerian Prince who just sent you an email will pretty much always find a target somewhere, but the Internet isn't as gullible as it used to be. Thank you for that Russia and Nigeria.

But hackers are getting more sophisticated as the arms race against them escalates. The one thing we as consumers have going for us is that the same banks who minimize our privacy in order to squeeze every last penny out of us is our unlikely ally against hackers. The bank could very well be on the hook for a hacker's shopping spree on your stolen credit card. The bank doesn't give a crap about you, but it really, really likes money, so it does whatever it can to keep you safe. By trying to keep your money safe, it's keeping its own money safe.

It is for this reason that I put hackers as the lower risk to your privacy. You as a consumer have a rare overlap of interest with the powerful players who normally work to screw you. Also, the threat is a bit overstated because there are billions of dollars in profit with a vested interest in keeping you scared of hackers, viruses and malware.

Conclusions

This article is meant to focus more on the problems protecting our privacy than the solutions, which I intend to get into depth with in future articles. The short answer is that we're pretty much screwed as far as our privacy goes, but with some discipline, tools and good practices, we can take back some of the privacy we all have unknowingly relinquished.

Wednesday, October 16, 2013

You did it, you finally cared enough about your privacy to go out and purchase a VPN subscription. But it only protects your privacy when it’s connected, and you keep forgetting to connect it or verify that it’s still connected. VPN connections sometimes drop, and when your VPN drops its connection, your privacy is not protected. What’s worse, when the VPN drops, everything on your computer keeps chugging along, unaware of the unsecure change in its environment.

What you want is to know for sure is that certain applications of your choosing are only functional when the VPN is connected. That way, your specific application will not send a single packet of data from an unsecure connection, ever. It turns out that this is pretty easy to accomplish with more recent versions of Windows, using advanced features of the built in Windows Firewall.

In this tutorial, I will be using the Google Chrome browser as my example. Using a browser is a good example for several reasons. For one, most of what people do on the Internet is through a browser. Also, it’s very easy to test the new Inbound and Outbound firewall rules we will be creating for this tutorial. When the change is complete, Chrome will only connect through the VPN and will not function without the VPN connected.

Step 1 – Configure Your VPN

I’m going to assume that at this point you have some sort of VPN service, whether it’s a custom OpenVPN client or an L2TP connection you created manually yourself in Windows. There are lots of ways to connect to a VPN, but for the purposes of this tutorial it doesn’t matter, because you are going to be basing the applications you want to have control over solely on the basis of connecting through a Public profile network in Windows.

When you create an Internet connection it gives you several profile options to create the new connection for: Public, Private and Domain. For this tutorial to work, it is very important that your VPN connection is configured for a Public profile. It’s the key to setting it up in Windows Firewall. In a nutshell, every program you want to force through the VPN is going to be configured to be restricted to this Public profile.

Step 2 – Network and Sharing Center

Start by right clicking on the network icon in the lower right hand corner of your desktop and choose “Open Network and Sharing Center” and you should see something like the window below:

Before we move on to the Windows Firewall, let’s take a second to double check your VPN profile setting. It should show a picture of a park bench showing you at a glance that it’s set correctly, like shown below:

Now, click on the Windows Firewall link in the lower left corner of the Network and Sharing Center window, as shown below:

Step 3 – Windows Firewall

You should be looking at the Windows Firewall screen, and the firewall should be enabled. Click the advanced settings, as circled below:

Step 4 – Advanced Firewall

You should be looking at the advanced firewall window, as shown below:

Step 5 – Create Outbound Rule

On the left hand side of the window, click on Outbound Rules, like so:

Then, on the right hand side of the window, in the action bar, click New Rule, like so:

Choose Program and click Next >>

This is the screen where you are going to need to know the full path on your hard drive to the EXE file which runs the program you are working with. In this example I am using Chrome, so I will point it to Chrome.

However, what if you don’t know the path to the EXE file you are looking for? If the program is running, you can find it in Task Manager as shown below. To run Task Manager, just right click on your desktop taskbar and choose “Task Manager”.

This is the Windows 8 Task Manager, but you can still get the job done in Windows 7:

When you are in Task Manager, right click on the application you want to know the path to and choose “Open File Location” which will open a Windows Explorer window with the EXE file you are looking for!

Now, right click on the shortcut you should be looking at, and choose Properties. Circled below is the fruit of your labor—the full path to Chrome, not counting the .EXE file itself.

With this knowledge in hand, we can create type the path into our outbound rule and advance by pressing Next >>

Because outbound traffic is allowed by default, the only purpose of this rule is to block traffic that’s not from the VPN. And so you want to set this screen to Block and click Next >>

Below is the most important screen, because you are blocking everything not in the Public profile. Since the VPN connection is the only connection set to Public, this rule will filter out all traffic except the VPN. The end result is that Chrome will not surf the web when the VPN is disconnected.

Almost done. Now just give your rule a name and description. If you or old like me, or just have a poor memory, it is a very good idea to put something descriptive here. I put “force chrome to VPN” so there will not be any doubts about what my new firewall rule does:

That’s it! Now just press the Finish button, and you should see your new rule appear at the top of the list, though the next time the window refreshes it will sort your new rule, so you may have to go hunting for it next time:

That’s it for Chrome, since it does not accept any incoming connections. If you have an application that does, then you will want to keep going. You still want to test it though. With your VPN connected, verify that it surfs the web. Now disconnect your VPN and try to browse to a common web site like Google to verify that it won’t work:

I get the message below when I try the test:

Step 6 (Optional) – Create Inbound Rule

For the most part you are not going to have many incoming connections via your VPN. But some common Windows applications such as voice, messaging and file sharing are going to need incoming connections to work properly. Unlike outbound connections, inbound connections are disabled by default. This tutorial is going to assume that you already have an inbound firewall rule for the application you are working with and that the application is already functioning properly aside from needing to be restricted to the VPN.

Creating the inbound rule is the same procedure you just used to create the outbound rule, so I won’t repeat it. It’s just another rule to create.

Tuesday, October 8, 2013

I get up to a couple hundred emails a day. Normally I don't use my phone for email, but it's nice in a pinch,
like when there's no Wi-Fi to be had. I use the stock email app from Google to manage my 7 accounts. One day fairly recently, my ZTE Android phone decided that it was going to always run the Email app in the background no matter what I did. Which means it wanted to make a sound every time an email came in, which is about every few minutes. It got aggravating quickly. My ZTE is running close to a stock version of Android, so it doesn't have all the fancy email settings in the stock app like my wife's fancy HTC smart phone.

There seemed to be no way to tell the stock email program not to play any audio notifications. The best I could do was turn off sound for the entire device.

There seemed to be no way of getting the email app not to run when I didn't want it running. Stopping the app in App Manager didn't help. Disabling it completely did the trick, but when I re-enabled it, all my accounts were gone. Not a very good solution, though it did solve the notification problem by deleting all my account info.

Really the only way I found to control the notifications is by individual account, which is better than nothing. It would be nice to have a master toggle switch for the notifications to turn them on and off in one shot, but I guess this is better than nothing.

The account settings for each account lets you control wheter a notification comes through, and whether it plays a ring tone or vibrates when a new message comes in. Setting the ring tone of each account to Silent lets me keep the notifications without the noise of it playing a ringtone every few minutes.

Tuesday, October 1, 2013

Lately the Chinese have stopped allowing the shipment of Lithuim-ion batteries via air mail over cited safety concerns. This means the price of Lithuim-ion batteries has already gone up across the board. It was a nice ride while it lasted though, with genuine Panasonic 18650 batteries going for as little as 5 bucks a piece new. But I believe that some Chinese sellers like Fasttech and Wallbuys are continuing to ship them and let people take their chances. Other than that, your best bet will be with an e-bay seller who ships locally, and of course there are reputable U.S. sellers who still sell them at the normal markup. But the days of dirt cheap Panasonic and Sanyo batteries might be over. Oh well, at least we stocked up a bit.

Thursday, August 22, 2013

It could happen. Your power could go out. A meteor could hit. Freak ice storm. Who knows. That's why it's called disaster preparedness; because you don't necessarily know what you are preparing for, other than you know what your basic needs will be. One thing most people need to function but often overlook is a method to charge their devices in an emergency.

Waka Waka Power: Product Link

12V Power Sources

A 12V outlet normally takes the form of a so-called cigarette lighter. Devices and chargers that can use 12V have the big, telltale plug on one side and usually a DC in plug in the case of chargers, and a micro USB port in the case of modern electronics.

Examples of devices you can plug into a 12V power source are:

1. Power inverter to give you power for any household appliances and chargers you only have with 110V house plugs.

2. Battery chargers like my Nitecore i4 which can plug into a cigarette lighter plug directly.

3. USB widgets which allow you to plug in 5V USB devices.

4. Older devices such as phones, tablets and GPS which have their own dedicated 12V plug. My Acer tablet for example, came with a 12V charger instead of a USB charger, and I can't seem to find the right plug for it to charge from one of my USB chargers.

Vehicle 12V

The first and best mobile power source most people have is their car. It's basically a rolling power generator. Depending on how much gas you have, your car could supply you with emergency power for weeks or even months. It's useful being able to charge your phone from your car, and it's very useful to be able to charge universal USB devices, but it's supremely useful to have a power inverter, which will let you plug standard 110V appliances and devices into your vehicle. Now you can power your TV!

Portable 12V

There are lots portable 12 V devices out there, such as uninteruptible power supplies (UPS), jump start boxes and tire inflators. I happen to have a tire inflator with a 19 amp hour battery. And using the same power inverter or USB widget I would use for the car, I can harness the charge in the tire inflator for anything I want. And unlike my car, the tire inflator fits in my tent. I could also plug a USB dongle into my tire inflator and charge my kindle inside my tent.

Campbell Hausfeld 12 Volt Tire Inflator And Power Supply

Household 110V

In an emergency, you probably won't have city power, which would be one of the reasons it's an emergency in the first place.

Portable 110V

400 Watt Inverter Charging My Laptop

Your source of 110V in an emergency is either going to be via a generator or an inverter. Generators are nice, but they are bulky and so is the fuel. If you are stationary, or have a large RV or vehicle, this might be feasible. Another problem with generators is that they don't store power for later. You get a stream of power and anything not used by your devices is wasted, gone forever.

Inverters aren't very efficient, but they work for most devices. They work by converting DC to AC, so you definitely don't want to use it for something like a battery charger if it can use something else like 12V or USB. This is because to plug an AC USB charger into your inverter, it has to convert DC->AC->DC which is very wasteful. You are much better off plugging a USB widget into your cigarette lighter plug instead of the inverter.

USB 5V Chargers

Most modern mobile electronics these days take a 5V USB port, and there are lots of ways to get that for your devices.

1. There are 110V USB wall chargers, though again, it is an inefficient way to get a USB plug if you are going through an inverter, and should be used only as a last resort.

2. A 12V USB widget can plug into your car or portable 12V device's cigarette plug and give a 5V USB plug to your devices. This is one of the most efficient and easiest ways to charge your phone during an emergency.

3. We have lots of USB battery packs that are based on lithium-ion batteries, and store a tremendous amount of power, usually in the range of 12 to 13 amp/hours. They are a little heavy but very compact. Just a couple of these in my back pack, and now I can charge my phone for a month in an emergency, or if I just don't feel like taking it to a wall charger.

Charging my Android Phone

Ruinovo 4x18650 battery pack

Charging 1st Gen Kindle Fire

Charging a couple AAA NiMH batteries

4. Another variation is the solar USB battery pack, like my Waka Waka and lots of cheap alternatives as shown below. With one of these, suddenly you have a way of charging your phones, tablets, headphones and other devices when nothing else has power.

Waka Waka Power slung from my SwissGear backpack

Waka Waka charging an HTC One

Cheap solar charger I paid about $20 for

Another twist on the power pack is that they can charge each other. When needed, you can move power around between different packs and devices. For example, I could use a power pack to charge my Waka Waka (which is itself a power pack) in order to use its built in lantern. And I routinely use the solar chargers like the Waka Waka in order to top off my dedicated power packs.

5. Yet another last ditch USB power source is the little crank flashlight/radio/charger made by Duracell. It's a lot of cranking just to talk on the phone, but it can be invaluable as a last ditch backup. Not to mention it has a built in flashlight and AM/FM/Weather radio. And theoretically at least, it can charge all your USB power packs to store some of the energy from all that cranking for later.

6. There are hybrid chargers/packs that let you charge a battery and then use it as a power pack for other devices. Some power packs can be used in this role as well since they have a battery compartment which pops open. For example, I can charge a power pack, pop it open, and take one of the 18650 lithium-ion batteries out, and use it in one of my flashlights. Some of these lights will give me 100 hours on low, so with 4 batteries, yeah, that's a lot of light.

7. And lastly, they make some nifty USB AA/AAA chargers. Being able to easily charge AA and AAA batteries in an emergency is yet another great capability. I still have lots of devices which take these common batteries that I would want to use in an emergency, like walkie talkies and hiking GPS units. And flashlights, of course. In an emergency, you can be certain our house will have light. If it puts out power, I can make light out of it.

Saturday, August 10, 2013

I was having a heck of a time figuring out how to get my MyBB forum software to send its email out using Gmail as the provider, but using encryption. It's easy to have it send by default, but I wanted it to use encryption! I didn't care whether it used TLS or SSL, just as long as it was using something secure.

TLS was something I never could get working. I don't know if there is a PHP extension for TLS, but there is for SSL, so that's what I went with.

1. Enable SSL with PHP

Start with the WAMP control panel in the system tray, like so:

Then look for this line in php.ini and delete the semi-colon for open_ssl.dll, commenting the line in, as shown below:

Go back into the control panel and select "Restart All Services" to make PHP pickup the change.

Your PHP should now be configured for SSL, and now all you have to do is use the right SMTP settings, and you're all set!

2. Use These SMTP Settings For Gmail

*NOTE: If you are using Gmail with a custom domain, use "yourname@yourdomain.com" for the user name, or whatever the contact email for your domain is. If' it's just a plain Gmail account, use your gmail acount.

3. Try A Test Email

Did it work? If not, for MyBB, go into the admin system under Tools And Maintenance-->System Mail Log to look for any errors that would give you a clue as to where you went wrong. The hardest part for me in this process was figuring out how to enable SSL for PHP. That, and I had to use the TLS port of 465, which is one of Gmail's quirks.